How we protect your data
We collect little, and we guard what we keep.
Practices
- Encryption. Data is encrypted in transit (TLS) and at rest.
- Data minimization. We collect the least we need to run a club. For library patrons in mediated mode, that means no identifying reading history at all. The safest data is the data we never hold.
- Access control. Access to systems and data is limited to those who need it, on a least-privilege basis.
- No selling, no ad tracking. We don't sell data and we don't embed advertising trackers, so there are fewer ways for your information to travel.
- Backups and recovery. Regular backups with a tested recovery process. [CONFIRM CADENCE]
- Vendors. We use a small set of reputable service providers (hosting, payments, email) and list them in our Privacy Policy and Data Processing Agreement.
Reporting a vulnerability
If you believe you've found a security issue, please email [SECURITY EMAIL]. We'll acknowledge it and work with you in good faith to resolve it. Please give us reasonable time to fix an issue before disclosing it publicly.
Last reviewed: [DATE]